Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

WEBINAR:On-Demand

Encrypted traffic doesn't always mean secure traffic, but how can an organization understand what's going on with encrypted traffic without decrypting the data? That's the goal of Cisco's Encrypted Traffic Analytics offering, which became generally available on Jan. 10.

Cisco announced ETA as a preview technology in June 2017 as part of the company's wider intent-based networking initiative. ETA was initially only available for early field trials on a limited set of Cisco campus switches. Cisco is now making it generally available for all of its customers across multiple switch and routing platforms, including the Catalyst 9300 and 9400, ISR 4000 and 5000, and ASR 1000, as well as the Cloud Services Router 1000V.

"We're now making a new type of threat telemetry available to a big community of users," TK Keanini, principal engineer and product line CTO for analytics at Cisco, told eWEEK.

Further reading

Keanini explained that among the capabilities that ETA provides is the ability to detect malware hidden in encrypted traffic without the need to first decrypt the data traffic. In addition to being able to detect risks, ETA can also help to enable cryptographic compliance, he added.

"Customers will be able to understand how much of their digital business is in the clear and how much is encrypted," Keanini said.

Using encryption alone, however, is not enough for cryptographic compliance. There are multiple well-documented security issues with older encryption protocols, such as Secure Sockets Layer (SSL) version 3. To that end, Cisco ETA also provides information on what version of encryption protocols is being used, as well as cryptographic ciphers.

How It Works

Encrypted data, using SSL/TLS is just that—it's encrypted, meaning that it can't be read without being decrypted. Cisco ETA works to understand the risk of an encrypted data stream without violating the encrypted trust boundary by using an innovative machine learning-based approach to finds threats.

Cisco ETA starts by inspecting the initial data packet (IDP) in an encrypted data stream, which is actually unencrypted, Keanini said. "We get the first data packet of every session and we get it in its entirety," he said. "The first packet includes all of the negotiation parameters for the actual application session, and it's all sent in the clear."

IDP provides a "gold mine" of metadata, according to Keanini. On top of the information that comes from the IDP, Cisco uses a technique called Sequence of Packet Lengths and Times (SPLT) to gain further visibility.

"All of this data when fed into machine learning can be used to classify connections with really high fidelity," he said.

The machine learning classification is linked with Cisco's Global Risk Map, which can provide further correlation into potential threats and what might be going on with a given encrypted connection. Looking forward, Keanini said Cisco will continue to develop the ETA technology to provide more machine learning insights from encrypted traffic.

"There is a lot that we'll be exploring in the future," he said.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

By submitting your information, you agree that eweek.com may send you eWEEK offers via email, phone and text message, as well as email offers about other products and services that eWEEK believes may be of interest to you. eWEEK will process your information in accordance with the Quinstreet Privacy Policy.

We ran into a problem

We already have your email address on file. Please use the "Forgot your password?" link to create a password, validate your email and login.